Babuk Locker is a new form of ransomware that just emerged in 2021. This version of ransomware is like other versions. The similarity is since if the ransom is not paid, the encrypted dada will be published online. The threat of publication is used by most ransomwares to push the victim to pay the ransom.
Babuk Locker Encryption
Chuang Dong investigated Babuk Locker, concluding that it uses a version of SHA256 encryption called ‘ChaCh8’. Adding to this, is the use of Elliptic-curve Diffie-Hellman key generation to protect its keys and encrypt files.
This makes it impossible without paying the ransom to retrieve the encrypted files from the hacker. SHA256 has its roots with the National Security Agency.
Targets and victims of Babuk Locker at present is from all over the world but small. The reported demand ranges from $60,000 to $85,000 in bitcoin. These attacks are customized for the specific victim in mind, which means it was not group attacks of the same industry. The customized attacks include hardcoded extension, ransom note, and a Tor victim URL.
Consequence of Attack
The victims are threatened that if the ransom is not paid, then the stolen files and data will be released online. The stolen data will be published on a hacking forum and not on the perpetrators’ dedicated leak site. Another consequence is that like other ransomware attacks, the victim has no access to their stolen data.
Preparing and Mitigating a Ransomware Attack
There are ways to prepare for a ransomware attack that can mitigate damages and create the option to not pay the ransom. To do this, companies and potential victims can have multiple backups of files and data that is not on the system. This is to hide the backup files from potential hackers and attacks. Know who has access to the computer system and that employees or individuals only have access to what they need and nothing more. The computer software needs to be up to date to fix any potential bugs that the hacker may try to exploit. The computer network needs to be secure to prevent the download of web-based malware. Email security is important because email phishing is a way to infect a system. In case of any form of malware attack, the company can have a security incident monitoring tool or SIEM to detect and respond to a malware attack. Lastly, employees need to be educated to lessen the chance of a ransomware attack. These preparations will help to mitigate a ransomware attack but will not stop one.